Ubuntu and Fedora devs comment on California's new Digital Age Assurance Act

With California's new age checking law coming into action in January 2027, there's a lot of discussion on how Linux distributions will be handling it. California are also not the only ones going for it, as it appears Colorado will also be doing a similar thing but that's coming while later - and we can expect more to follow.

A post on the Ubuntu developer mailing list has sparked numerous discussions online, with Canonical's VP of Engineering Jon Seager officially replying on the Ubuntu Discourse forum to note:

Over the past couple of days, there has been a lot of commentary about Ubuntu and how it’ll respond to California’s new Digital Age Assurance Act (AB 1043), which will require operating systems to collect age information at account setup and expose an age “signal” to eligible applications from 2027.

Canonical is aware of the legislation and is reviewing it internally with legal counsel, but there are currently no concrete plans on how, or even whether, Ubuntu will change in response.

The recent mailing list post is an informal conversation among Ubuntu community members, not an announcement. While the discussion contains potentially useful ideas, none have been adopted or committed to by Canonical.

When we have a clear plan, we will publish it through our usual channels.

There's a similar post on the Fedora forum from Fedora Project Leader Jef Spaleta, where they initially noted they weren't actually aware of it. However, in a follow-up post they said:

I’m not sure it requires telemetry.
I’m now aware of a similar legislation in Colorado.

I really don’t want to get over my skis and speculate too much. But I’m hopeful that the biggest impact for the entire ecosystem is that we figure out a way to have an OS local API that applications can choose to query.. and ask the OS what age bracket the current user is… and then the application is able to make UI/UX choices based on the OS provided information.

I think the point is to not have to have all the applications have to figure out how to ask for age information individually. The point I think is to ensure age information can be part of OS account creation and applications can query the OS to determine which age bucket a user is in. No telemetry… just a way for applications to query the OS… a local API… sounds a lot like a dbus service to me.

So what I am envisioning in my head is a family desktop computer… where the parents are the administrators.. and they create an account for their kid. When they create an account, the OS needs to have a way for them to optionally indicate the age bucket for the human associated with the account. Applications then could choose to query the OS concerning the age bucket and make UI/UX adjustments based on the age bucket info the OS returns.

Again I’m still coming up to speed on these pieces of legislation, and I still need to have more discussions with people. What I think is being mandated by legislation is making sure OSes have a documented way for applications to query for the age bucket information for the user. Do not take that as binding understanding, that is my current understanding based on what I’m reading currently in terms of editorial interpretation of the legislation that I can find. There’s work to do here to get clarity on that.

End of the day.. this might be a simple as extending how we currently map uid to usernames and group membership and having a new file in /etc/ that keeps up with age. It might be as simple as that and we extend the administrative cli and gui tools to populate that file as part of account creation. That might be simplest and it solves the problem for the full ecosystem of linux OSes. Then applications just have to start choosing to look at the file.

Seems like it might end up quite messy for various Linux distributions. Especially for smaller distributions that don't have legal teams. We're in for some rough weather with so many new age-based regulations across different countries coming into force over the next few years.